Please Login First!"; exit(1); } require_once("../include/db_info.inc.php"); require_once("../include/my_func.inc.php"); echo "
"; echo "

Edit-"."$MSG_NEWS

"; include_once("kindeditor.php"); ?>
", "", $content); $content = str_replace("

", "
", $content); $content = str_replace(",", ",", $content); $user_id = $_SESSION[$OJ_NAME.'_'.'user_id']; $news_id = intval($_POST['news_id']); if(false){ $title = stripslashes($title); $content = stripslashes($content); } $title = RemoveXSS($title); $content = RemoveXSS($content); $sql = "UPDATE `news` SET `title`=?,`time`=now(),`content`=?,user_id=? WHERE `news_id`=?"; //echo $sql; pdo_query($sql,$title,$content,$user_id,$news_id) ; header("location:news_list.php"); exit(); }else{ $news_id = intval($_GET['id']); $sql = "SELECT * FROM `news` WHERE `news_id`=?"; $result = pdo_query($sql,$news_id); if(count($result)!=1){ echo "No such News!"; exit(0); } $row = $result[0]; $title = htmlentities($row['title'],ENT_QUOTES,"UTF-8"); $content = $row['content']; } ?>
>

: